ASUS RT-N13U Router Built-in Admin Telnet Account with Unchangeable Password

Critical | Nessus Plugin ID 71095

Synopsis

The remote host has a telnet service running that accepts known, built-in credentials.

Description

The remote host is running a telnet service with an unchangeable admin account with known credentials (admin/admin). An attacker could log into this account and gain complete control of the device.

Solution

There is currently no available fix. As a workaround, restrict access to the telnet service.

See Also

https://seclists.org/fulldisclosure/2013/Oct/271

Plugin Details

Severity: Critical

ID: 71095

File Name: asus_rtn13u_admin_account.nasl

Version: 1.9

Type: remote

Family: Misc.

Published: 11/26/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/h:asus:rt_n13u

Excluded KB Items: global_settings/supplied_logins_only

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/28/2013

Reference Information

BID: 63394